Open NFS ports
SharedV4 volumes require specific open NFS ports to allow for communication between nodes in your cluster. Depending on how your cluster is configured, your firewall may block some of these ports or your NFS ports may differ from the defaults. To solve this, you may need to manually assign NFS ports and ensure your firewall or ACL allows them to communicate.
This document provides instructions for detecting and opening NFS ports according to various cluster configurations you may have.
Prerequistes
All of the use-cases in this document require the default Portworx ranges be open between hosts: ports 9001 - 9028 and port 111.
Determine which ports to open
Enter the rpcinfo
command with the -p
flag to find which ports NFS is using on your node:
rpcinfo -p
SharedV4 volumes communicate over the following ports:
- portmapper: 111 (default on all linux distributions)
- nfs service: 2049 (default on all linux distributions)
- mountd: 20048 (depends on the linux distribution)
If the default ports your OS uses match these ports, proceed to the Open NFS ports on most Linux distributions section.
If the NFS ports on your OS do not match these ports, or your ports are chosen randomly by your OS, proceed to the Manually assign and open NFS ports section.
Open NFS ports on most Linux distributions
If your Linux distribution uses the default ports identified in the section above, you do not need to manually assign any ports for NFS, but you may need to open them.
Ensure your ports are open on any firewalls and your ACL by entering the following iptables
command:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,20048 -j ACCEPT
iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,20048 -j ACCEPT
Once you’ve determined your hosts are using the default ports and opened those ports, you can start using sharedV4 volumes.
Manually assign and open NFS ports
For certain Linux distributions, the OS chooses the mountd
port randomly every time the node reboots. To solve this, you must manually assign NFS ports, and how you accomplish this depends on your OS.
Only perform the steps in one of the following sections if:
- The
mountd
port is not fixed (and not 20048) and is chosen at random by your Linux distribution. - You wish to open a contiguous range of ports for Portworx and want to shift the default NFS ports to the Portworx port range.
If you do need to manually assign and open NFS ports, follow the steps in the section that applies for your OS:
Assign NFS ports on CentOS and Red Hat Enterprise Linux
Modify the
/etc/sysconfig/nfs
file, uncommenting or adding the following fields and assigning the associated values:LOCKD_TCPPORT=9023
LOCKD_UDPPORT=9024
MOUNTD_PORT=9025
STATD_PORT=9026
Enter the
systemctl restart nfs-server
command to restart the NFS server:systemctl restart nfs-server
Open the newly assigned NFS ports on your access control list:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I INPUT -p udp -m udp --dport 9024 -j ACCEPT iptables -I OUTPUT -p udp -m udp --dport 9024 -j ACCEPT
Open NFS ports on Debian-based Linux
Modify the
/run/sysconfig/nfs-utils
file, uncommenting or adding the following fields and assigning the associated values:RPCNFSDARGS=" 8 --port 9023"
: append the--port 9023
option to any existing values.RPCMOUNTDARGS="--port 9024"
: add the--port 9024
option.STATDARGS="--port 9025 --outgoing-port 9026"
: add the--port 9025
and--outgoing-port 9026
options.
Enter the following commands to restart the NFS server:
systemctl daemon-reload systemctl restart rpc-statd systemctl restart rpc-mountd systemctl restart nfs-server
Open the newly assigned NFS ports on your access control list:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I INPUT -p udp -m udp --dport 9024 -j ACCEPT iptables -I OUTPUT -p udp -m udp --dport 9024 -j ACCEPT
Open NFS ports on CoreOS
The following sharedv4 NFS services run on a node when Portworx is installed with sharedv4 support:
- portmapper
- status
- mountd
- nfs and nfs_acl
- nlockmgr
View these services and the port they are using by entering the rcpinfo -p
command:
```text
rcpinfo -p
```
By default, services like mountd
and nlockmgr
run on random ports and must be fixed to a specific port.
Configure nfs, nfs_acl, and lockd ports
By default, the nfs-server.service
configuration file is located under the following directory:
/usr/lib/systemd/system/nfs-server.service
Check the status of the existing
nfs-server.service
:systemctl status nfs-server
Copy the systemd unit file from the
usr
directory into theetc
directory:cp /usr/lib/systemd/system/nfs-server.service /etc/systemd/system/nfs-server.service
Open
/etc/systemd/system/nfs-server.service
in a text editor and, under the[Service]
section, add the--port 9023
value to theExecStart=/usr/sbin/rpc.nfsd
key:[Service] Type=oneshot RemainAfterExit=yes ExecStartPre=/usr/sbin/exportfs -r ExecStart=/usr/sbin/rpc.nfsd --port 9023 ExecStop=/usr/sbin/rpc.nfsd 0 ExecStopPost=/usr/sbin/exportfs -au ExecStopPost=/usr/sbin/exportfs -f
Update the
lockd
ports:echo 9027 > /proc/sys/fs/nfs/nlm_udpport echo 9028 > /proc/sys/fs/nfs/nlm_tcpport
Ensure the
lockd
manager ports persist over node reboots by creating a100-nfs-ports.conf
file under the/etc/sysctl.d/
folder and adding the ports to it:cat /etc/sysctl.d/100-nfs-ports.conf fs.nfs.nlm_tcpport = 9027 fs.nfs.nlm_udpport = 9028
Reload the
systemd
daemon and restart thenfs-server
service:systemctl daemon-reload systemctl restart nfs-server
Verify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p
:rpcinfo -p | grep nfs
100003 3 tcp 9023 nfs 100003 4 tcp 9023 nfs 100227 3 tcp 9023 nfs_acl
rpcinfo -p | grep nlock
100021 1 udp 9027 nlockmgr 100021 3 udp 9027 nlockmgr 100021 4 udp 9027 nlockmgr 100021 1 tcp 9028 nlockmgr 100021 3 tcp 9028 nlockmgr 100021 4 tcp 9028 nlockmgr
Configure mountd services
Check the status of the existing
nfs-server.service
:systemctl status nfs-mountd
Copy the systemd unit file from the
usr
directory into theetc
directory:cp /usr/lib/systemd/system/nfs-mountd.service /etc/systemd/system/nfs-mountd.service
Open
/etc/systemd/system/nfs-mountd.service
in a text editor and, under the[Service]
section, add the--port 9024
value to theExecStart=/usr/sbin/rpc.mountd
key:... [Service] Type=forking ExecStart=/usr/sbin/rpc.mountd --port 9024
Reload the
systemd
daemon and restart thenfs-server
service:systemctl daemon-reload systemctl restart nfs-server
Verify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p
:rpcinfo -p | grep mountd
100005 1 udp 9024 mountd 100005 1 tcp 9024 mountd 100005 2 udp 9024 mountd 100005 2 tcp 9024 mountd 100005 3 udp 9024 mountd 100005 3 tcp 9024 mountd
Configure statd services
Check the status of the existing
rpc-statd.service
:systemctl status rpc-statd
Copy the systemd unit file from the
usr
directory into theetc
directory:cp /usr/lib/systemd/system/rpc-statd.service /etc/systemd/system/rpc-statd.service
Open
/etc/systemd/system/rpc-statd.service
in a text editor and, under the[Service]
section, add the--port 9025
and--outgoing-port 9026
value to theExecStart=/usr/sbin/rpc.statd
key:... [Service] Environment=RPC_STATD_NO_NOTIFY=1 Type=forking PIDFile=/var/run/rpc.statd.pid ExecStart=/usr/sbin/rpc.statd --port 9025 --outgoing-port 9026
Reload the
systemd
daemon and restart therpc-statd
service:systemctl daemon-reload systemctl restart rpc-statd
Verify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p
:rpcinfo -p | grep status
100024 1 udp 9025 status 100024 1 tcp 9025 status